People are increasingly using online services such as electronic mail, online banking, social networks, and instant messaging. In many instances an individual (hereafter, user) wishing to use such services will establish an account with a relevant service provider. The account may be associated with a user name and protected by a password, both of which are known to the user and shared with the service provider. When a user wishes to access the account, he/she may enter the username and password into a relevant login portal, such as a website. The service provider may then compare the entered username and password combination with username and password combinations stored by the service provider. Assuming the entered username and password match the login information stored by the service provider, the user is granted access to his/her account.
While password authentication mechanisms such as the one described above are useful, users often forget the login information (username, password, etc.) needed to access their accounts. This may be particularly true in instances where a user has many different accounts and/or has selected a password that is complex and/or hard to guess (and thus hard to remember). In addition, hackers and/or malware may attempt to gain access to user accounts by snooping or otherwise obtaining the relevant username and password associated with such accounts. Should this occur, the malware and/or hacker may gain access to a user's account(s) and change the password. For these and other reasons, users may lose access to his or her account.
A user who has lost access to an account may attempt to regain access to the account using an account recovery service. In a common scenario, the account recovery service will ask the user for information or other inputs that allow the system to verify the identity of the user. For example, an account recovery service may ask the user a series of questions based on personal private information (e.g., phone number, identification number, social network information, etc.) that the user previously provided to the account recovery service, e.g., during creation of the account in question. Assuming the inputs received by the user match the recovery service's records, the recovery service may restore access to the account.
While existing account recovery services are useful, users may not wish to share certain information with an account recovery service. This may be particularly true when the information requested by the account recovery service is personal private information, and/or if the individual does not trust the service provider. Users may also fear that their personal information may become compromised by malware, a hacker, or some other entity that may target the service provider's account recovery system.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.